kjj911

  1. Hi! I am trying to fix my mom's computer. She has started getting constant pages popping up titled Total Security and it has pretty much taken over her system. Will not let me run Ad-Aware..tried SpyBot also with no luck....cannot open any browser page that would be connected to help getting rid of it. Tried running AVG scan but computer shut down before it could finish for no reason. Now when rebooting desktop shows the white background Active Desktop asking if you want to go to last known good configuration, etc..... I did also try starting in Safe Mode and it would not allow that either. Any suggestions??? Thanks for any and all help : )
  2. Ok Thanks! I think I am all set now. Thank you so much for all of your help....couldn't have cleaned this one myself! Thanks, KJ
  3. Hi Blade, Someone suggested unchecking "certify email" in AVG....didn't think anything there was changed but it seems to have corrected the problem. HTML emails now show as they should instead of blank pages. Let me know if you think I should not have done that as the fix. You said to do a backup before doing things like SP3 download. I know when I read the details it made me think I didn't want to do it. How exactly do I do a backup before doing something like that? Thanks again! KJ
  4. That said ComboFix uninstalled. Do you recommend upgrading to Microsoft Windows SP3 at this point also? Also, I noticed a new issue today....I use Outlook Express for email and incoming ads this morning all open a blank page as if HTML is not working....if they have a link in the email that says Having trouble viewing click here it will then display but all don't have it so I can't see what the email said. Would anything we have done have changed something there? I have never had any problem before.
  5. That was a mis-type on my part in the response...I had cut and pasted it before and did it again and it says Windows cannot find it. I did a file search and it shows this: Combo-Fix in C:\Documents and Settings\Kelly\Desktop Combo-fix log 1 in My Computer (has IE logo next to it) Will it get the same results if I try to delete each of those from that search result area?
  6. So far things seem to be running good. I did the System Restore off...reboot....back on. Re-hid all files. When I put Combo-Fix \u in the run box it says it cannot be found but the icon is still on my desktop. I will work on the Microsoft updates. I update AVG and Ad-Aware religiously but guess I have never trusted Microsoft so don't do those as frequently as I should. I have not upgraded to SP3 yet...what is your feeling on that? I always tend to wait long enough for others to get the bugs out...do you recommend doing everything from Microsoft as soon as it is available? I see now where my first error came in....when upgrades to AVG started saying they couldn't be done...ck internet connection etc. I got frustrated and uninstalled it and reinstalled it thinking it was a problem with the free version which of course has no tech support to ask...never once thought of a virus/malware having gotten in and causing the problem. If there is a next time you can be assured it will cross my mind. I also slacked on full system scans thinking it should be catching everything as it comes in so why slow the computer down for hours with the full scan. Bad thinking! I will work on doing all the Windows upgrades. Can you advise on the Combo-fix deletion? Thanks! Kelly
  7. This time the results were: ----a-w- 50,176 2004-08-04 07:56:55 C:\Documents and Settings\Kelly\Desktop\proquota.exe ----a-w- 50,176 2004-08-04 07:56:55 C:\WINDOWS\system32\proquota.exe ----a-w- 50,176 2004-08-04 07:56:55 C:\WINDOWS\system32\dllcache\proquota.exe Entries: 3 (3) Directories: 0 Files: 3 Bytes: 150,528 Blocks: 294
  8. When I double clicked it, it opened a box titled C:\WINDOWS\System32\cmd.exe Inside that box said C:\Documents and Settings\Kelly\Desktop>xcopy "C:\Documents and Settings\Kelly\desktop\proquota.exe" c:\windows/system32\dllcache Overwrite C:\windows\system32\dllcache\proquota.exe (Yes/No/All)? Thought I better check with you before I selected just to be sure......
  9. Ok....I'm confused. When I went into WINDOWS/System32 and tried to create a dllcache folder it says one already exists name the new folder something else. So thinking maybe I missed it I did a search of all files and folders for c:\WINDOWS\System32\dllcache and it says no matches found. So then I went into My Computer, Local Disk C, WINDOWS, System 32 unhid all files and finding no file or folder titled dllcache I tried to create it and again it told me it already exists. So what do I do now? Also, I have noticed a lot of files starting with $...have they always been there and I didn't notice that or are those problems? My continued thanks!
  10. Ok...I found and copied the file to CD....I then copied it in this computer to C:WINDOWS/System32. I find no folder titled C:WINDOWS\System32\dllcache to copy it to. Do you want me to make a new folder titled that and save it there?
  11. Hi! I thought I did but upon opening it, it is just a booklet telling about XP...contained no disk : ( I do have a disk set that it said to create when I first got this computer.....it said it would download 4 disks however stopped at 3 and I never knew how to get it to create again to get the last disk but by chance what we are looking for would be on the ones that it did create? Or is it something I can get off my old laptop that is also XP? I know when I bought this computer it said they no longer give you an operating system disk so I know I don't have one from this one.
  12. I deleted the files you said and here is the results of the other scan: Entries: 0 (0) Directories: 0 Files: 0 Bytes: 0 Blocks: 0 Things seem better but was surprised Kaspersky still found so much on that last scan. Also, if I could ask a question about the websearch smileys....when I first started searching to add smileys to my emails that appeared to be the recommended one....everything said stay away from Incredimail.... even Ad-Aware allowed the smileys to stay when the computer was scanned....but as time passed it seems to have become a bad thing.....I know some time ago Ad-Aware started removing it with the scan. Do they just attach more junk to the download now making it hazardous? Is there a safe one you know of that I could use in its place? Also, other than having AVG and running Ad-Aware is there anything else I should be doing regularly? I am just surprised with my preaching to others to make sure you have those two items if nothing else on your computer that mine got so messed up. Thanks again for all this help!! KJ
  13. I messed up and forgot to change the Kaspersky to txt when saving. I will post it how I saved it since it won't let me change it and if you need me to run the scan over to save to txt let me know:

      That did let the Combo-fix install the recovery console however when it first opened it said there was a new version available did I want the update yes or no. I chose no given the circumstances that I wasn't sure if it was for real or something the hijacker was attempting to lead me to........here is the log....
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(912) c:\windows\system32\igfxdev.dll . Completion time: 2009-07-29 8:06 ComboFix-quarantined-files.txt 2009-07-29 12:06 ComboFix2.txt 2009-07-29 05:09 Pre-Run: 70,459,273,216 bytes free Post-Run: 70,428,864,512 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 214 Upload was successful
  14. Ok....First ComboFix downloaded but would not run, as was the problem originally with detection programs. I changed it to Combo-Fix, which I had read somewhere earlier when researching, and that allowed it to run; however, I did not see it do a backup of the Windows Registry as pictured in the guide, and it would not install the Recovery System. It said "Failed to download required files...is aborting". It then continued on with its scan. Here are the results of that:

ComboFix 09-07-28.01 - Kelly 07/29/2009 1:00.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.488 [GMT -4:00]
Running from: c:\documents and settings\Kelly\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html c:\program files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html c:\program files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\Internet Explorer\msimg32.dll c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST 
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache53363F c:\program files\MyWebSearch\bar\Cache3353DDA.bin c:\program files\MyWebSearch\bar\Cache3354136.bin c:\program files\MyWebSearch\bar\Cache33542AD.bin c:\program files\MyWebSearch\bar\Cache\21DD59C2 c:\program files\MyWebSearch\bar\Cache\21DD6134 c:\program files\MyWebSearch\bar\Cache\21DD626D.bin c:\program files\MyWebSearch\bar\Cache\21DD652C.bin c:\program files\MyWebSearch\bar\Cache\21DD6B18.bin c:\program files\MyWebSearch\bar\Cache\21DD725B.bin c:\program files\MyWebSearch\bar\Cache\21DDAE0C.bin c:\program files\MyWebSearch\bar\Cache\21DDAF83.bin c:\program files\MyWebSearch\bar\Cache\21DDB0CB.bin c:\program files\MyWebSearch\bar\Cache\21DDB1F4.bin c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search2 c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S 
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL c:\windows\Installer\bd88bb0.msi c:\windows\kb913800.exe c:\windows\system32\_000006_.tmp.dll c:\windows\system32\_000009_.tmp.dll c:\windows\system32\_000010_.tmp.dll c:\windows\system32\AutoRun.inf c:\windows\system32\drivers\UACpvvacnxsdg.sys c:\windows\system32\f3PSSavr.scr c:\windows\system32\UACayiuhsutvr.db c:\windows\system32\UACcupkcktkag.dll c:\windows\system32\UACedqjdjyqrc.dll c:\windows\system32\UAChywedtohld.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACmdkwjbumts.dat c:\windows\system32\UACssifntdjfw.dll c:\windows\system32\UACuwomuoirml.dll D:\Autorun.inf c:\windows\system32\proquota.exe . . . is missing!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 ))))))))))))))))))))))))))))))) . 2009-07-27 14:43 . 2009-07-27 14:43 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-07-27 13:34 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-27 13:34 . 2009-07-28 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-27 13:34 . 2009-07-27 13:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes 2009-07-27 13:34 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-26 18:42 . 2009-07-26 18:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities 2009-07-26 17:33 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-07-26 17:29 . 
2009-07-26 17:29 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864} 2009-07-26 06:13 . 2009-07-26 06:13 18956 ----a-w- c:\windows\system32\okuqokyj.exe 2009-07-26 06:13 . 2009-07-26 06:13 17036 ----a-w- c:\program files\Common Files\ybijaseh.bin 2009-07-26 06:13 . 2009-07-26 06:13 15788 ----a-w- c:\windows\yhot.scr 2009-07-26 06:13 . 2009-07-26 06:13 10755 ----a-w- c:\windows\haqenyteh.dll 2009-07-26 02:22 . 2008-05-09 14:49 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-07-25 02:37 . 2009-07-25 02:37 -------- d-s---w- c:\windows\system32\config\systemprofile\History 2009-07-25 02:37 . 2009-07-25 02:37 -------- d-s---w- c:\windows\system32\config\systemprofile\Temporary Internet Files 2009-07-08 11:39 . 2009-07-08 11:39 4876 ----a-w- c:\windows\system32\d3d9caps.dat 2009-06-30 20:50 . 2009-06-30 20:50 -------- d-----w- c:\program files\Common Files\DivX Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-27 14:43 . 2006-05-11 09:47 -------- d-----w- c:\program files\Java 2009-07-26 17:59 . 2006-08-24 15:23 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2009-07-26 17:29 . 2006-08-24 13:41 -------- d-----w- c:\program files\Lavasoft 2009-07-26 17:01 . 2008-07-15 00:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8 2009-07-26 12:57 . 2006-08-24 15:23 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-26 12:56 . 2006-05-11 12:35 -------- d-----w- c:\program files\Google 2009-07-26 06:13 . 2009-07-26 06:13 19677 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\otawis.scr 2009-07-26 06:13 . 2009-07-26 06:13 19567 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\ybuja.dat 2009-07-26 06:13 . 2009-07-26 06:13 14310 ----a-w- c:\program files\Common Files\ymotasyc.dl 2009-07-26 06:13 . 2009-07-26 06:13 13954 ----a-w- c:\program files\Common Files\ylibeh.db 2009-07-26 06:13 . 
2009-07-26 06:13 11426 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\ypihibac.exe 2009-07-26 06:13 . 2009-07-26 06:13 11310 ----a-w- c:\program files\Common Files\wuxawybyd.dl 2009-07-26 06:13 . 2009-07-26 06:13 10228 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\fywipat.vbs 2009-07-26 06:13 . 2009-07-26 06:13 10043 ----a-w- c:\program files\Common Files\miqolipo.dl 2009-07-02 22:05 . 2008-10-28 17:01 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-01 03:33 . 2008-07-12 02:33 -------- d-----w- c:\program files\DivX 2009-06-23 13:38 . 2008-10-28 17:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-23 13:38 . 2008-10-28 17:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-19 00:44 . 2007-10-28 20:24 -------- d-----w- c:\program files\AIM6 2009-06-19 00:20 . 2007-10-28 20:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint 2009-06-19 00:16 . 2008-05-21 11:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads 2009-06-05 03:06 . 2007-03-21 01:31 -------- d--h--w- c:\documents and settings\Kelly\Application Data\Move Networks 2009-06-01 11:40 . 2009-06-01 11:32 116841 ----a-w- c:\windows\hpqins00.dat 2009-05-13 19:11 . 2007-02-17 04:42 1552 ----a-w- c:\documents and settings\Kelly\Application Data\wklnhst.dat 2009-05-07 22:11 . 2008-10-28 17:01 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-07-25 02:52 . 2008-09-01 13:28 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 159744] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 184320] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304] 
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208] "MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-03 61952] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728] c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\ AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-9-20 217088] HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-23 13:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= 
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/26/2009 1:33 PM 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/28/2008 1:01 PM 335752] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/28/2008 1:01 PM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2009 6:05 PM 907032] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/28/2008 1:01 PM 298776] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456] S2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [11/22/2006 1:02 PM 38176] S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [9/30/2007 5:12 AM 15104] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 4:24 PM 24652] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net 
Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://espn.go.com/motion/detect.html uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\docume~1\Kelly\APPLIC~1\Mozilla\Firefox\Profiles\f2a7r7sl.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\f2a7r7sl.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-29 01:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ????o??????([email protected][email protected] scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-29 1:09
ComboFix-quarantined-files.txt 2009-07-29 05:09
Pre-Run: 69,676,183,552 bytes free
Post-Run: 70,495,375,360 bytes free
293

The New DDS file:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Kelly at 1:24:30.43 on Wed 07/29/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.418 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Vongo\VongoService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\mqtgsvc.exe 
C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\system32\dllhost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Kelly\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://espn.go.com/motion/detect.html uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [RecGuard] c:\windows\sminst\RecGuard.exe mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: 
[Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe StartupFolder: c:\docume~1\kelly\startm~1\programs\startup\ypops.lnk - c:\documents and settings\kelly\ypops\YPOPs StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe uPolicies-explorer: ForceClassicControlPanel = 1 (0x1) IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
{53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\kelly\applic~1\mozilla\firefox\profiles\f2a7r7sl.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - plugin: c:\documents and 
settings\kelly\application data\mozilla\firefox\profiles\f2a7r7sl.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-26 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-28 335752] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-28 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-28 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-2 907032] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-28 298776] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-11 1251720] S2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [2006-11-22 38176] S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2007-9-30 15104] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652] =============== Created Last 30 ================ 2009-07-29 01:08 <DIR> --d----- c:\windows\system32\dllcache\cache 2009-07-29 00:47 
219,648 a------- c:\windows\PEV.exe 2009-07-29 00:47 161,792 a------- c:\windows\SWREG.exe 2009-07-29 00:47 98,816 a------- c:\windows\sed.exe 2009-07-27 10:43 410,984 a------- c:\windows\system32\deploytk.dll 2009-07-27 10:43 73,728 a------- c:\windows\system32\javacpl.cpl 2009-07-27 09:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-27 09:34 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-27 09:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-07-27 09:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-07-26 13:33 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-07-26 13:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864} 2009-07-26 02:13 19,677 a------- c:\docume~1\alluse~1\applic~1\otawis.scr 2009-07-26 02:13 19,567 a------- c:\docume~1\alluse~1\applic~1\ybuja.dat 2009-07-26 02:13 18,956 a------- c:\windows\system32\okuqokyj.exe 2009-07-26 02:13 18,372 a------- c:\windows\gijofebyk._dl 2009-07-26 02:13 17,036 a------- c:\program files\common files\ybijaseh.bin 2009-07-26 02:13 15,788 a------- c:\windows\yhot.scr 2009-07-26 02:13 11,450 a------- c:\windows\imaw.db 2009-07-26 02:13 11,426 a------- c:\docume~1\alluse~1\applic~1\ypihibac.exe 2009-07-26 02:13 10,755 a------- c:\windows\haqenyteh.dll 2009-07-26 02:13 10,228 a------- c:\docume~1\alluse~1\applic~1\fywipat.vbs 2009-07-25 22:22 102,664 a------- c:\windows\system32\drivers\tmcomm.sys 2009-07-08 07:39 4,876 a------- c:\windows\system32\d3d9caps.dat 2009-06-30 16:50 <DIR> --d----- c:\program files\common files\DivX Shared ==================== Find3M ==================== 2009-07-26 02:13 14,310 a------- c:\program files\common files\ymotasyc.dl 2009-07-26 02:13 13,954 a------- c:\program files\common files\ylibeh.db 2009-07-26 02:13 11,310 a------- c:\program files\common files\wuxawybyd.dl 2009-07-26 02:13 10,043 a------- c:\program files\common files\miqolipo.dl 2009-07-02 18:05 335,752 a------- 
c:\windows\system32\drivers\avgldx86.sys 2009-06-23 09:38 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-06-01 07:40 116,841 a------- c:\windows\hpqins00.dat 2009-05-13 15:11 1,552 a------- c:\docume~1\kelly\applic~1\wklnhst.dat ============= FINISH: 1:24:47.37 ===============
Why would it not have allowed the Recovery Console? Also, many items that used to be displayed in the icon tray next to the clock are no longer there...do they just return as the items are used? I will be awaiting the next instructions : ] Thanks! KJ
  15. DDS (Ver_09-06-26.01) - NTFSx86 Run by Kelly at 13:39:12.23 on Tue 07/28/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.552 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\PROGRA~1\AVG\AVG8\avgrsx.exe 
C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Vongo\VongoService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\system32\dllhost.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Documents and Settings\Kelly\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://espn.go.com/motion/detect.html uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL BHO: Java Plug-In 2 SSV 
Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [<NO NAME>] mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [RecGuard] c:\windows\sminst\RecGuard.exe mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll" mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\1.bin\MWSBAR.DLL,S mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Adobe Reader Speed Launcher] "c:\program 
files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe StartupFolder: c:\docume~1\kelly\startm~1\programs\startup\ypops.lnk - c:\documents and settings\kelly\ypops\YPOPs StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe uPolicies-explorer: ForceClassicControlPanel = 1 (0x1) uPolicies-system: EnableProfileQuota = 1 (0x1) IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - 
hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\kelly\applic~1\mozilla\firefox\profiles\f2a7r7sl.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - plugin: c:\documents and settings\kelly\application data\mozilla\firefox\profiles\f2a7r7sl.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\mozilla 
firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-26 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-28 335752] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-28 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-28 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-2 907032] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-28 298776] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-11 1251720] S2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [2006-11-22 38176] S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2007-9-30 15104] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652] =============== Created Last 30 ================ 2009-07-27 10:43 410,984 a------- c:\windows\system32\deploytk.dll 2009-07-27 10:43 73,728 a------- c:\windows\system32\javacpl.cpl 2009-07-27 09:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-27 09:34 19,096 a------- c:\windows\system32\drivers\mbam.sys 
2009-07-27 09:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-07-27 09:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-07-26 13:33 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-07-26 13:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864} 2009-07-26 02:13 19,677 a------- c:\docume~1\alluse~1\applic~1\otawis.scr 2009-07-26 02:13 19,567 a------- c:\docume~1\alluse~1\applic~1\ybuja.dat 2009-07-26 02:13 18,956 a------- c:\windows\system32\okuqokyj.exe 2009-07-26 02:13 18,372 a------- c:\windows\gijofebyk._dl 2009-07-26 02:13 17,036 a------- c:\program files\common files\ybijaseh.bin 2009-07-26 02:13 15,788 a------- c:\windows\yhot.scr 2009-07-26 02:13 11,450 a------- c:\windows\imaw.db 2009-07-26 02:13 11,426 a------- c:\docume~1\alluse~1\applic~1\ypihibac.exe 2009-07-26 02:13 10,755 a------- c:\windows\haqenyteh.dll 2009-07-26 02:13 10,228 a------- c:\docume~1\alluse~1\applic~1\fywipat.vbs 2009-07-25 22:22 102,664 a------- c:\windows\system32\drivers\tmcomm.sys 2009-07-08 07:39 4,876 a------- c:\windows\system32\d3d9caps.dat 2009-06-30 16:50 <DIR> --d----- c:\program files\common files\DivX Shared ==================== Find3M ==================== 2009-07-26 02:13 14,310 a------- c:\program files\common files\ymotasyc.dl 2009-07-26 02:13 13,954 a------- c:\program files\common files\ylibeh.db 2009-07-26 02:13 11,310 a------- c:\program files\common files\wuxawybyd.dl 2009-07-26 02:13 10,043 a------- c:\program files\common files\miqolipo.dl 2009-07-02 18:05 335,752 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-23 09:38 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-06-01 07:40 116,841 a------- c:\windows\hpqins00.dat 2009-05-13 15:11 1,552 a------- c:\docume~1\kelly\applic~1\wklnhst.dat ============= FINISH: 13:40:17.87 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-06-26.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/21/2006 8:42:04 PM System Uptime: 7/28/2009 7:09:59 AM (6 hours ago) Motherboard: Hewlett-Packard | | 30A8 Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1597/mhz Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1596/mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 97 GiB total, 64.943 GiB free. E: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Parallel Device Device ID: ROOT\LEGACY_HPFECP0600 Manufacturer: Name: Parallel Device PNP Device ID: ROOT\LEGACY_HPFECP0600 Service: HPFECP06 Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: Photosmart C7200 series Device ID: ROOT\MULTIFUNCTION00 Manufacturer: HP Name: Photosmart C7200 series PNP Device ID: ROOT\MULTIFUNCTION00 Service: ==== System Restore Points =================== No restore point in system. 
==== Installed Programs ====================== 32 Bit HP CIO Components Installer 5 Card Slingo from Hewlett-Packard Laptops (remove only) AbiWord 2.6.2 Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 8.1.4 AIM 6 AIO_Scan Apple Mobile Device Support Apple Software Update AT&T Self Support Tool AutoUpdate AVG Free 8.5 Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) Big Kahuna Reef from Hewlett-Packard Laptops (remove only) Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) Blasterball 2 from Hewlett-Packard Laptops (remove only) Boggle Supreme from Hewlett-Packard Laptops (remove only) Bonjour Bookworm Deluxe from Hewlett-Packard Laptops (remove only) Bounce Symphony from Hewlett-Packard Laptops (remove only) Broadcom 802.11 Wireless LAN Adapter BufferChm C7200 C7200_doccd c7200_Help CCleaner (remove only) Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) Conexant HD Audio Copy Coupon Printer for Windows CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_OnlineProjectsConfig CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config cp_PosterPrintConfig cp_UpdateProjectsConfig Craft ROBO Controller Critical Update for Windows Media Player 11 (KB959772) Crystal Maze from Hewlett-Packard Laptops (remove only) CueTour Customer Experience Enhancement CustomerResearchQFolder Destination Component DeviceDiscovery DivX Codec DivX Converter DivX Player DivX Web Player DocProc DocProcQFolder Easy Internet Sign-up ESPNMotion eSupportQFolder FATE from Hewlett-Packard Laptops (remove only) Fax Final Drive Nitro from Hewlett-Packard Laptops (remove only) Flip Words from Hewlett-Packard Laptops (remove only) FullDPAppQFolder GemMaster Mystic getPlus®_dll HDAUDIO Soft Data Fax Modem with SmartCP Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP 
(KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows XP (KB909095) Hotfix for Windows XP (KB912024) Hotfix for Windows XP (KB912436) Hotfix for Windows XP (KB915326) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB952287) HP Business Inkjet 2200/2250 HP Customer Participation Program 9.0 HP DeskJet 720C Series (Remove only) HP Game Console and games HP Help and Support HP Imaging Device Functions 9.0 HP OCR Software 9.0 HP Photosmart All-In-One Software 9.0 HP Photosmart Essential 2.01 HP Photosmart Essential2.01 HP Photosmart Premier Software 6.0 HP Product Assistant HP Product Detection HP Quick Launch Buttons 6.20 A4 HP QuickPlay 2.1 HP Rhapsody HP Smart Web Printing HP Solution Center 9.0 HP Update HP User Guides--System Recovery HP User Guides 0019 HP Wireless Assistant HP_Network_UserGuide HPProductAssistant HpSdpAppCoreApp HPSSupply Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) InstantShareDevices Intel® Graphics Media Accelerator Driver Intel® Network Connections Drivers InterVideo DVD Check InterVideo WinDVD iTunes Java 6 Update 14 Jewel Quest from Hewlett-Packard Laptops (remove only) K-Lite Codec Pack 4.0.0 (Full) Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) Lexibox Deluxe from Hewlett-Packard Laptops (remove only) LightScribe 1.4.105.1 LimeWire 4.14.10 LiveUpdate 3.0 (Symantec Corporation) Macromedia Flash Player 8 Mah Jong Quest from Hewlett-Packard Laptops (remove only) Malwarebytes' Anti-Malware MarketResearch Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Home Publishing 2000 
Microsoft Money 2006 Microsoft Office 2000 Professional Microsoft Office Standard Edition 2003 Microsoft Picture It! 2000 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Works Move Networks Media Player for Internet Explorer Mozilla Firefox (3.0.12) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MUSTEK 1200 UB v2.1 muvee autoProducer 4.5 My Web Search (Smiley Central) Netscape Browser (remove only) NetWaiting Network Oasis from Hewlett-Packard Laptops (remove only) Office 2003 Trial Assistant OptionalContentQFolder Otto PanoStandAlone PhotoGallery Polar Bowler from Hewlett-Packard Laptops (remove only) Polar Golfer from Hewlett-Packard Laptops (remove only) PS_AIO_02_ProductContext PS_AIO_02_Software PS_AIO_02_Software_min PSSWCORE Puzzle Express from Hewlett-Packard Laptops (remove only) Quicken 2006 QuickTime RandMap ROBO Master Scan SCRABBLE from Hewlett-Packard Laptops (remove only) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security 
Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP 
(KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944338) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security 
Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) SkinsHP1 Slingo Deluxe from Hewlett-Packard Laptops (remove only) Slyder from Hewlett-Packard Laptops (remove only) SmartAudio Snowboard SuperJam SolutionCenter Sonic Audio Module Sonic Copy Module Sonic Data Module Sonic Express Labeler Sonic MyDVD Plus Sonic Update Manager Sonic_PrimoSDK SonicAC3Encoder SonicMPEGEncoder Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 Status Super Granny from Hewlett-Packard Laptops (remove only) Symantec KB-DocID:2003093015493306 Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. 
TIPCI Toolbox TourSetup Tradewinds from Hewlett-Packard Laptops (remove only) TrayApp Unload UnloadSupport Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB912945) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update Rollup 2 for Windows XP Media Center Edition 2005 VC80CRTRedist - 8.0.50727.762 VideoToolkit01 Viewpoint Media Player Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Vongo WebFldrs XP WebReg WildTangent Web Driver Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885464 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB888402 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890546 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB892559 Windows XP Media Center 
Edition 2005 KB925766 Wireless Home Network Setup YPOPs! 0.9.5.14 Zuma Deluxe from Hewlett-Packard Laptops (remove only)

==== Event Viewer Messages From Past Week ========

7/27/2009 9:10:07 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/26/2009 9:58:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0013029DFA08 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/26/2009 9:34:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss Tcpip
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 9:34:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 9:33:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/26/2009 9:33:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/26/2009 8:50:59 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/26/2009 8:41:29 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
7/26/2009 6:19:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
7/26/2009 1:54:01 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/25/2009 7:57:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
7/25/2009 7:57:33 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2009 6:51:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec Core LC service.

==== End Of File ===========================

GMER is flashing WARNING!!! GMER has found system modification caused by ROOTKIT activity. I clicked OK to that and copied the following..... the last item...library.... was in red on the scan.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-28 14:08:01
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

Code 8597A210 ZwEnumerateKey
Code 85979D40 ZwFlushInstructionCache
Code 8597A746 IofCallDriver
Code 8597EE56 IofCompleteRequest
Code 859353C5 ZwSaveKey
Code 858583BD ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A0 5 Bytes JMP 8597A74B
.text ntkrnlpa.exe!IofCompleteRequest 804EF230 5 Bytes JMP 8597EE5B
.text ntkrnlpa.exe!ZwSaveKey 80500D38 5 Bytes JMP 859353CA
.text ntkrnlpa.exe!ZwSaveKeyEx 80500D4C 5 Bytes JMP 858583C2
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B5642 5 Bytes JMP 85979D44
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DBE 5 Bytes JMP 8597A214
[KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program 
Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[4352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\UACcupkcktkag.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1136] 0x01590000 ---- EOF - GMER 1.0.15 ---- Thanks for helping me! KJ